WO2020156752A1 - Method and devices for managing subscription profiles of a security element - Google Patents

Method and devices for managing subscription profiles of a security element

Info

Publication number
WO2020156752A1
Authority
WO
WIPO (PCT)
Prior art keywords
subscription profile
profile
subscription
security element
mobile terminal
Prior art date
Application number
PCT/EP2020/000029
Other languages
German (de)
English (en)
Inventor
Andreas Morawietz
Nils Nitsch
Ulrich Huber
Ulrich WIMBÖCK
Original Assignee
Giesecke+Devrient Mobile Security Gmbh
Priority date
Filing date
Publication date
Application filed by Giesecke+Devrient Mobile Security Gmbh
Priority to EP20703683.1A (EP3918822A1)
Priority to US17/427,260 (US11943837B2)
Publication of WO2020156752A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/183 Processing at user equipment or user record carrier
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/02 Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks
    • H04W8/04 Registration at HLR or HSS [Home Subscriber Server]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/02 Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks
    • H04W8/08 Mobility data transfer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/20 Transfer of user or subscriber data
    • H04W8/205 Transfer to or from user equipment or user record carrier

Definitions

  • the invention relates to a method and apparatus for managing subscription profiles of a security element, which is provided for use in a mobile terminal.
  • PLMN Public Land Mobile Network
  • MNO mobile network operator
  • the security element is a subscriber identity module (SIM), which is usually provided in the form of a chip card.
  • SIM subscriber identity module
  • the SIM contains credentials for authenticating and identifying the user of the mobile terminal, including in particular an International Mobile Subscriber Identity (IMSI) and an authentication key Ki.
  • IMSI International Mobile Subscriber Identity
  • Ki authentication key
  • When using the services provided by an MNO, in particular communication via the PLMN provided by the MNO, the user of the mobile terminal is generally billed by the MNO for a certain monthly fee. If the mobile user wants to switch to another MNO, for example because he is in another country, he generally has to manually replace the SIM provided by the current MNO with another SIM. With the other SIM, which is provided by the new MNO and contains the new subscription profile, the mobile terminal can connect to the PLMN of the new MNO.
  • WO 2015/018533 A1 discloses a method in which a new subscription profile can be loaded from a subscription management server in a simple and secure manner onto the security element of a mobile terminal.
  • a command script is used which defines a sequence of commands from the subscription management server.
  • a connection to the new mobile radio network is made using a reloaded subscription profile, executing the command sequence defined by the command script.
  • the user of the mobile terminal is provided with a choice of which subscription profile he would like to use if a plurality of subscription profiles are loaded on the security element. This can make the handling of a large number of subscription profiles loaded on the security element unwieldy under certain circumstances. It is an object of the present invention to provide a method and a device for managing subscription profiles of a security element, which enable easier use.
  • a method for managing subscription profiles of a security element is proposed, the security element being provided for use in a mobile terminal.
  • a profile manager and at least a first subscription profile are loaded on the security element.
  • the method includes the step of loading a second subscription profile from a subscription management server.
  • the method comprises the further step of checking whether the at least one first loaded subscription profile fulfills a predetermined condition.
  • the method comprises the step of decommissioning the at least one first subscription profile if the at least one first subscription profile fulfills the predetermined condition.
  • the proposed method has the advantage that no active profile maintenance has to be carried out by the user of the mobile terminal.
  • a profile maintenance may be useful because a subscription profile downloaded to the security element remains on the security element, even if other subscription profiles are loaded onto the security element and the original subscription profile is no longer required. This simplifies profile maintenance for the user of a mobile device with a security element onto which subscription profiles can be subsequently loaded.
  • UICC Universal Integrated Circuit Card
  • the step of checking whether the at least one first loaded subscription profile fulfills a predetermined condition and the step of decommissioning are carried out by the profile manager.
  • the profile manager can, for example, be the Issuer Security Domain Root (ISD-R) defined in the GSMA SGP.22 specification. In principle, other profile managers can also be used to carry out the method according to the invention.
  • the step of decommissioning comprises deleting the at least one first subscription profile.
  • the step of decommissioning can include deactivating the at least one first subscription profile.
  • the profile manager can trigger execution using an APDU command, such as a DELETE or DISABLE command.
  • Another expedient embodiment provides that user information is generated and output on a user interface of the mobile terminal, which signals to a user of the mobile terminal that the at least one first subscription profile has been deactivated.
  • the user information includes interaction information whose activation by the user is monitored; when the activation is detected, the deactivation of the at least one first subscription profile is prevented or carried out. In this way, the user of the mobile terminal is granted a “veto right” with regard to the deactivation of the at least one first subscription profile.
  • LPA Local Profile Assistant
  • Another expedient embodiment includes one or more of the following criteria as the specified condition:
  • HLR Home Location Register
  • the at least one first subscription profile is deleted or deactivated automatically or after confirmation by a user, as a result of which it is not necessary for a user himself to initiate profile maintenance on the security element.
  • a computer program product which can be loaded directly into the internal memory of a digital computer and comprises software code sections with which the steps of the method described here are carried out when the product is running on a computer.
  • the computer can be a computing unit of a mobile terminal as described herein.
  • the computer program product can be in the form of a data carrier, e.g. one
  • a security element which is intended for use in a mobile terminal, a profile manager and at least a first subscription profile being loaded on the security element.
  • the security element is designed to load a second subscription profile from a subscription management server.
  • the security element is designed to check whether the at least one first loaded subscription profile fulfills a predetermined condition.
  • the security element is designed to put the at least one first subscription profile out of operation if the at least one first subscription profile fulfills the specified condition.
  • the proposed security element has the same advantages as those described above in connection with the inventive method. Furthermore, the security element is designed to carry out the preferred configurations specified in the dependent claims.
  • a mobile terminal which comprises a security element of the type designed according to this description.
  • FIG. 1 shows a schematic illustration of a mobile device according to the invention
  • FIG. 2 is a schematic flow chart that illustrates the flow of the inventive method for managing subscription profiles.
  • FIG. 1 shows a schematic representation of a mobile terminal 10 according to the invention.
  • the mobile terminal 10 comprises a security element 11.
  • the security element 11 (also sometimes referred to as an identification module) can be in the form of a SIM card or a UICC.
  • the security element can also be an embedded security element in the form of an eSIM or an eUICC, which are an integral part of the mobile terminal 10.
  • the security element 11 comprises a memory on which a profile manager 12 and a first subscription profile 13 (or a plurality of first subscription profiles) are loaded.
  • the data stored on the security element 11 are securely stored and make it possible to uniquely identify the user of the mobile terminal 10 (the so-called subscriber).
  • the first subscription profile 13 is used to ensure that the services provided by the MNO (mobile radio network operator) can be used by the user by means of the mobile terminal 10.
  • the profile manager 12 is set up to load a second subscription profile 14 into the security element 11 so that the user of the mobile terminal 10 can use services provided by another MNO, for example.
  • the first subscription profile 13 remains in the security element 11. This is also the case when the original, first subscription profile 13 is no longer required by the user.
  • the procedure described below enables profile maintenance to be carried out automatically, which does not have to be actively initiated by the user.
  • After a second subscription profile has been loaded, according to step S1, onto the security element 11, on which one or more first subscription profiles have already been loaded, a check is carried out according to step S2 as to whether the first subscription profile 13 fulfills a predetermined condition.
  • the profile manager 12 checks whether the first subscription profile 13 fulfills the specified condition.
  • step S3, according to which the first subscription profile is deactivated if the first subscription profile fulfills the specified condition, is carried out by the profile manager 12.
  • the Issuer Security Domain Root, ISD-R defined in the GSMA SGP.22 specification can be used as the profile manager.
  • Decommissioning the first subscription profile 13 may include deleting or deactivating the first subscription profile. This can be done by triggering the execution of an APDU command on the first subscription profile, for example using the known DELETE or DISABLE command.
  • the profile manager 12 can optionally generate user information and output it on the user interface 16 of the mobile terminal.
  • the user information thus signals to the user of the mobile terminal 10 that the first subscription profile 13 is to be taken out of service.
  • the output of the user information by the profile manager 12 can be brought about by an LPA (Local Profile Assistant), which enables a selection mask which can be displayed on the user interface 16 to manage the subscription profiles.
  • the user information includes interaction information, the activation of which is monitored by the user, and when the activation is established, the decommissioning (deletion or deactivation) of the first subscription profile is prevented or carried out.
  • by means of the interaction information, the user can thus be offered the choice of canceling the decommissioning process, deleting the first subscription profile, or merely deactivating it.
  • Possible conditions for decommissioning the first subscription profile 13 can be one or more of the following criteria: Leaving a restricted area, especially when crossing a national border. Deleting the first subscription profile 13 can be useful, for example, when the user of the mobile terminal 10 leaves a vacation country so that he can use the first subscription profile used during his stay in the
  • an identification code e.g. a PIN, Personal Identification Number
  • the number of attempts that are available to a user can be specified by the security element.
  • the determination that a call to a predetermined number was initiated or made by the mobile terminal can take place after a so-called one-time call has been carried out, for example for emergency calls to a specified one
  • HLR Home Location Register
  • a rejection information reject
  • the first subscription profile 13 on the security element 11 can be automatically deleted or deactivated. Any boundary conditions can be defined before the decommissioning is carried out. For example, a certain number of rejections can be specified, the deactivation only taking place when the predetermined number is exceeded. Decommissioning can also be made dependent on the rejection containing information indicating the reason.
  • the proposed procedure enables (partially) automatic deletion or deactivation of subscription profiles that are no longer used or required.
  • the decommissioning can optionally be authorized by the user.
  • profile maintenance by the user of the mobile device is not required.
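
The flow of steps S1 to S3 with the rejection-count boundary condition and the user veto, as an added example; it is not code from the patent or from GSMA SGP.22, and every class, field and function name in it is hypothetical. The profile names, areas and rejection reasons are constructed sample data.

```python
# Added illustration; not code from the patent or from GSMA SGP.22.
# Every class, field and function name here is hypothetical.
from dataclasses import dataclass, field
from enum import Enum


class Action(Enum):
    KEEP = "KEEP"        # user vetoed the decommissioning
    DISABLE = "DISABLE"  # profile stays loaded but is deactivated
    DELETE = "DELETE"    # profile is removed from the security element


@dataclass
class Profile:
    name: str
    valid_area: str                                 # constructed: area the profile is meant for
    rejections: list = field(default_factory=list)  # reject reasons; None = no reason given
    enabled: bool = True


@dataclass
class Policy:
    max_rejections: int = 2      # act only when this number is exceeded
    require_reason: bool = True  # count only rejections that state a reason
    action: Action = Action.DISABLE


class ProfileManager:
    def __init__(self, policy, ask_user=None):
        self.policy = policy
        self.ask_user = ask_user  # optional prompt: (profile, criterion, proposed) -> Action
        self.profiles = {}

    def condition_met(self, p, current_area):
        """Step S2: name of the criterion that fired, or None."""
        counted = [r for r in p.rejections if r or not self.policy.require_reason]
        if len(counted) > self.policy.max_rejections:
            return "rejections_exceeded"
        if p.valid_area != current_area:
            return "left_area"
        return None

    def load(self, new, current_area):
        """Step S1, then S2 and S3 for every profile loaded earlier."""
        earlier = list(self.profiles.values())
        self.profiles[new.name] = new
        audit = []  # one (profile, criterion, action) entry per decision
        for p in earlier:
            criterion = self.condition_met(p, current_area)
            if criterion is None:
                continue
            action = self.policy.action
            if self.ask_user is not None:  # user may veto or choose
                action = self.ask_user(p, criterion, action)
            if action is Action.DELETE:
                del self.profiles[p.name]
            elif action is Action.DISABLE:
                p.enabled = False
            audit.append((p.name, criterion, action.value))
        return audit


def demo(ask_user=None):
    """Constructed scenario: three first profiles, terminal now in area 'DE'."""
    pm = ProfileManager(Policy(), ask_user)
    pm.profiles = {p.name: p for p in (
        Profile("holiday", "FR"),
        Profile("rejected", "DE", ["reason-A", None, "reason-B", "reason-C"]),
        Profile("home", "DE", [None, None, None, None]),
    )}
    audit = pm.load(Profile("new", "DE"), "DE")
    return audit, {n: p.enabled for n, p in pm.profiles.items()}
```

The returned audit list records which criterion triggered each decision, which is what an operator would need to review an automatic deletion after the fact.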

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephone Function (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention relates to a method for managing subscription profiles (13, 14) of a security element (11) intended for use in a mobile terminal (10), on which a profile manager (12) and at least one first subscription profile are loaded. The method comprises: loading (S1) a second subscription profile (14) from a subscription management server; checking (S2) whether the at least one loaded first subscription profile (13) fulfills a predetermined condition; and deactivating (S3) the at least one first subscription profile if the at least one first subscription profile (13) fulfills the predetermined condition.
PCT/EP2020/000029 2019-02-01 2020-01-29 Method and devices for managing subscription profiles of a security element WO2020156752A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP20703683.1A EP3918822A1 (fr) 2019-02-01 2020-01-29 Method and devices for managing subscription profiles of a security element
US17/427,260 US11943837B2 (en) 2019-02-01 2020-01-29 Method and devices for managing subscription profiles on a security element

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102019000743.3A DE102019000743A1 (de) 2019-02-01 2019-02-01 Method and devices for managing subscription profiles of a security element
DE102019000743.3 2019-02-01

Publications (1)

Publication Number Publication Date
WO2020156752A1 (fr) 2020-08-06

Family

ID=69468524

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2020/000029 WO2020156752A1 (fr) 2019-02-01 2020-01-29 Method and devices for managing subscription profiles of a security element

Country Status (4)

Country Link
US (1) US11943837B2 (fr)
EP (1) EP3918822A1 (fr)
DE (1) DE102019000743A1 (fr)
WO (1) WO2020156752A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130303234A1 (en) * 2012-05-08 2013-11-14 Lantronix, Inc. Traversal of Wireless Profiles
WO2015018533A1 (fr) 2013-08-09 2015-02-12 Giesecke & Devrient Gmbh Methods and devices for performing a mobile network switch
DE102015012943A1 (de) * 2015-10-07 2017-04-13 Giesecke & Devrient Gmbh Managing a subscription profile
US20170215063A1 (en) * 2014-03-14 2017-07-27 Oberthur Technologies Embedded subscriber identity module capable of managing communication profiles
US20180131699A1 (en) * 2015-05-07 2018-05-10 Samsung Electronics Co., Ltd. Method and apparatus for providing profile

Also Published As

Publication number Publication date
EP3918822A1 (fr) 2021-12-08
DE102019000743A1 (de) 2020-08-06
US20220132297A1 (en) 2022-04-28
US11943837B2 (en) 2024-03-26

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20703683

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2020703683

Country of ref document: EP

Effective date: 20210901